Password protection

For an SMS-managed data set (one with an assigned storage class), SMS sets the password indicators in the VTOC and catalog but ignores the indicators and does not use password protection for the data set. See the DD SECMODEL parameter description in SECMODEL parameter.

Password protecting data sets requires the following:

Data set names no longer than 17 characters. MVS™ retains in the tape label only the rightmost 17 characters of the data set name. Consequently, longer names could be identical in password checks.
Volumes with IBM® standard labels or ISO/ANSI/FIPS Version 3 labels.
A password assigned in the PASSWORD data set. If a password is not assigned, the system will abnormally terminate a job step when it attempts to open the data set for output, if NOPWREAD is coded, or for input or output, if PASSWORD is coded.

To create a password-protected data set following an existing password-protected data set, code the password of the existing data set. The password must be the same in both the existing and the new data set.

To password-protect a data set on a tape volume containing other data sets, you must password-protect all the data sets on the volume and the passwords must be the same for all data sets.

To password-protect an existing data set using PASSWORD or NOPWREAD, open the data set for output the first time it is used during the job step.

PASSWORD: Indicates that a data set cannot be read, changed, deleted, or written to unless the system operator or TSO/E user supplies the correct password.
NOPWREAD: Indicates that a data set cannot be changed, deleted, or written to unless the system operator or TSO/E user supplies the correct password. No password is necessary for reading the data set.